diff -up openssh-6.1p1/session.c.privsep-selinux openssh-6.1p1/session.c
--- openssh-6.1p1/session.c.privsep-selinux	2012-09-15 13:45:26.079476022 +0200
+++ openssh-6.1p1/session.c	2012-09-15 13:45:28.460522390 +0200
@@ -1513,6 +1513,7 @@ do_setusercontext(struct passwd *pw)
 
 		platform_setusercontext_post_groups(pw);
 
+
 		if (options.chroot_directory != NULL &&
 		    strcasecmp(options.chroot_directory, "none") != 0) {
                         tmp = tilde_expand_filename(options.chroot_directory,
@@ -1536,6 +1537,10 @@ do_setusercontext(struct passwd *pw)
 		/* Permanently switch to the desired uid. */
 		permanently_set_uid(pw);
 #endif
+
+#ifdef WITH_SELINUX
+		ssh_selinux_copy_context();
+#endif
 	}
 
 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
diff -up openssh-6.1p1/sshd.c.privsep-selinux openssh-6.1p1/sshd.c
--- openssh-6.1p1/sshd.c.privsep-selinux	2012-09-15 13:45:26.062475676 +0200
+++ openssh-6.1p1/sshd.c	2012-09-15 13:45:28.467522539 +0200
@@ -794,6 +794,13 @@ privsep_postauth(Authctxt *authctxt)
 	do_setusercontext(authctxt->pw);
 
  skip:
+#ifdef WITH_SELINUX
+	/* switch SELinux content for root too */
+	if (authctxt->pw->pw_uid == 0) {
+		ssh_selinux_copy_context();
+	}
+#endif
+
 	/* It is safe now to apply the key state */
 	monitor_apply_keystate(pmonitor);